     Tapan Kumar Jha 
Keywords: Web Application Penetration Testing, VAPT, OWASP Top 10, Dynamic Analysis, Automated Scanners, Comparative Study
Abstract:

Web applications increasingly serve as critical infrastructure, yet they remain disproportionately vulnerable to cyber-attacks. This paper presents a comparative analysis of modern penetration testing (VAPT) tools, both open-source and commercial, with a focus on detection efficacy, coverage of the OWASP Top 10, false-positive rates, performance, usability, and cost. A selection of tools (Skipfish, OWASP ZAP, Burp Suite Pro, W3af, Qualys WAS, and Fortify WebInspect) is reviewed using data drawn from recent peer-reviewed studies, benchmarks on standardized testbeds such as bWAPP, and industry reports. Findings indicate that while Burp Suite Pro leads in comprehensive detection for commercial settings, OWASP ZAP stands out among free tools. Skipfish offers high-speed coverage, but manual testing remains essential for business-logic flaws. The paper discusses each tool's strengths, limitations, and areas for improvement, including AI integration, reduced noise, improved logic-flaw detection, and standardized benchmarking. Future directions stress a hybrid testing approach that combines automation with human expertise.
      International Journal of Recent Research and Review 
ISSN: 2277-8322
Vol. XVII, Issue 4
December 2024
Published: December 2024
Issue: Vol. XVII, Issue 4
Section: Articles